Why MSPs are attractive cyberattack targets
Once again, government watchdogs have issued an alert to managed service providers (MSPs), encouraging them to implement new security guidance in response to increasing levels of cyberattacks.
MSPs are a prime target for cybercriminals – they have direct access to the networks and applications of multiple clients. Compromise the MSP, and you can launch all manner of malicious attacks against those clients or other companies using their infrastructure as a launchpad. The new guidance from The Cybersecurity and Infrastructure Security Agency and other domestic and international security organizations suggests several key steps MSPs should take to protect themselves.
The guidance included several best practices, including:
- Preventing initial compromise by implementing mitigation resources to protect against common attacks
- Monitoring and logging, along with endpoint detection and network defense monitoring
- Securing remote access applications and enforcing multifactor authentication
- Developing and practicing incident response and recovery plans
- Proactively managing supply chain risk across security, legal and procurement groups, and prioritizing resources
There were also many recommendations for MSP clients, including steps like implementing comprehensive security event management, ensuring MSP accounts are monitored/audited, and ensuring that MSP contracts include backup services.
Fully implemented, these recommendations would likely raise the cost of delivering services for most MSPs. However, the next MSP-related security breach will put service providers under even more scrutiny, so the potential cost of not following the guidance could be immeasurable.
“As this joint advisory makes clear, malicious cyber actors continue to target managed service providers, which can significantly increase the downstream risk to the businesses and organizations they support,” said CISA Director Jen Easterly in the advisory. “That’s why MSPs and their customers must take action to protect their networks. Securing MSPs is critical to our collective cyber defense, and CISA and our interagency and international partners are committed to hardening their security and improving the resilience of our global supply chain.”
With inflation spiking and technology supply chains still affected by the pandemic and war in Ukraine, the last thing many MSPs want to talk about is another round of rising costs. But MSPs (like their small and midsize clients) need to take seriously the notion that they are increasingly a top target of cyberattacks. As a result, service providers should fully leverage the security solutions they offer clients for their internal operations and use the latest AI-based monitoring and mitigation tools to keep cybercriminals out of their networks.
Otherwise, MSPs could find themselves at ground zero of a crippling attack. There have been MSPs locked out of their systems by ransomware or used as a conduit to infect all their clients with CryptoLocker and blackmailed into paying steep ransoms.
The potential cost of both ransom and restoration could be staggering. But, more importantly, a vulnerable MSP that creates customer breaches could face costly liability. The damage to the MSP’s reputation could also be significant – what customer or potential customer would ever trust them again?
Protecting your MSP from attacks
There has been no reported uptick in MSP-related attacks, but the CISA guidance provides a good roadmap for helping to ensure it stays that way. A few critical steps for MSPs to take note of would be:
- Utilize a security-centric remote monitoring and management (RMM) tool, and make sure all patches are regularly updated. Some of the MSP attacks that have already occurred stemmed from unpatched RMM issues.
- MSPs should also perform regular security audits. You are likely encouraging these types of audits for customers and prospects, so taking some of your own medicine will improve visibility and provide an excellent example for clients to follow.
- Leverage AI- and machine learning-based security solutions to improve email and network monitoring and initiate automated mitigation and response strategies.
- Revisit your security incident response plan in light of the current guidance and latest threats, and regularly test your ability to rapidly secure client networks and restore service in the event of a breach.
MSPs could be attractive targets for cyberattacks, particularly with the current volatility in the geopolitical landscape. However, by investing in the time, training, and technology recommended by CISA and other global agencies, MSPs can avoid being unwitting accomplices in these attacks.
This article originally appeared in Channel Futures.